basic admin policy start

app/controllers/admin_controller.rb

@@ -1,9 +1,13 @@
 # frozen_string_literal: true
 class AdminController < ApplicationController
+  include Pundit
   layout 'admin'
   before_action :authorize_user
 
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+
   def dashboard
+    authorize :admin, :dashboard?
     @quizzes = Quiz.includes(:questions).all
     @users = User.order(:role, :name)
   end
@@ -18,4 +22,9 @@ class AdminController < ApplicationController
     def authorize_user
       redirect_to admin_login_path unless current_user
     end
+
+    def user_not_authorized
+      flash[:error] = "You are not authorized to perform this action."
+      redirect_to(request.referer || root_path)
+    end
 end